Description
In the default configuration, after JBoss is installed, the JMX console is available at http://localhost:8080/jmx-console. The JMX console can be used to display the JNDI tree, dump the list of threads, redeploy an application or even shutdown the application server. By default, the console is not secured and can be used by remote attackers. Check References for detailed information.
Remediation
Restrict access to JMX Management Console.
References
Related Vulnerabilities
WordPress Plugin Customer Reviews for WooCommerce Multiple Vulnerabilities (5.3.5)
WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download (0.7)
WordPress W3 Total Cache plugin predictable cache filenames
WordPress Plugin Caldera Forms-More Than Contact Forms Information Disclosure (1.3.5.2)